Our customers have asked for this and we’ve been listening – advanced data security is now available for SQL Server on Azure Virtual Machines! Using just a few simple steps, you can now protect your SQL Server installations on Azure VMs with Microsoft’s advanced data security capabilities.

Advanced data security for SQL Server on Azure VM currently includes functionality for surfacing and mitigating potential database vulnerabilities and detecting anomalous activities that could indicate a threat to your server. To get started today, read the Advanced data security for SQL Server on VM setup instructions.

Why you should enable advanced data security for SQL Server on Azure VM

While in public preview, advanced data security for SQL Server on Azure VM is free and includes:

Vulnerability assessment – A database scanning service that can discover, track, and help you remediate potential database vulnerabilities. Detected vulnerabilities across all connected SQL Servers will appear in one unified dashboard!

These advanced security features have evolved and benefited from continuous improvement over the past couple of years, and have already been running on more than 1 million databases in the corresponding Azure SQL Database service – Advanced data security for Azure SQL databases.

How does it work?

Using the Azure Log Analytics agent, you connect your SQL Server’s hosting machine to a Log Analytics workspace. The agent collects audit logs for login events (omitting any sensitive data like queries or user’s data) and uploads them from the machine to the workspace, where our security analytics capabilities go into action. In addition, the agent also collects results from the vulnerability assessment scans and sends those to the workspace as well.

Logs and assessment results will appear in the workspace and are entirely under your control and can be queried for more insights. You can also identify the logs that triggered Advanced Threat Protection alerts for further investigation. Finally, the workspace contains a built-in dashboard for intuitive analysis of the vulnerability assessment results.